Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
18/02/2024, 04:26
General
-
Target
2024-02-18_119af54a298c6cdeac421cf629f682cc_goldeneye.exe
-
Size
380KB
-
MD5
119af54a298c6cdeac421cf629f682cc
-
SHA1
3f74267982001d38f5966f291c81f127ed6c8fb1
-
SHA256
b3dee0eff15a9dcb8bf7fdfa9bc4308ec4cc79ba6192f8aaf0e9557994e95c27
-
SHA512
3f3519f9bacc01c3b253b1bc023fa76ae3707d22c61d1d8d74b488f2c5989ec45d3f71426c4453da936745161eaaa3415876a169951c9d1238cb14ecf05cae55
-
SSDEEP
3072:mEGh0o6lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGsl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_119af54a298c6cdeac421cf629f682cc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_119af54a298c6cdeac421cf629f682cc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A33424F-B8B4-40e7-8203-1D729B1401CA}.exeC:\Windows\{2A33424F-B8B4-40e7-8203-1D729B1401CA}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{17D465B1-6DEA-4bca-98D8-CBEBD0354654}.exeC:\Windows\{17D465B1-6DEA-4bca-98D8-CBEBD0354654}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10AA1BF5-07A7-4cd0-9DB6-E12C63975141}.exeC:\Windows\{10AA1BF5-07A7-4cd0-9DB6-E12C63975141}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{96EC5B92-12EB-46ee-96C8-F08F0AC646DB}.exeC:\Windows\{96EC5B92-12EB-46ee-96C8-F08F0AC646DB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CD88E071-621F-4a08-A091-CA2F1BD39158}.exeC:\Windows\{CD88E071-621F-4a08-A091-CA2F1BD39158}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{710721EA-DC25-4d6c-8269-3A5A728C628B}.exeC:\Windows\{710721EA-DC25-4d6c-8269-3A5A728C628B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1430C447-3282-4ec5-9467-D1BB98C17E6B}.exeC:\Windows\{1430C447-3282-4ec5-9467-D1BB98C17E6B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FC87DDCC-2B02-4fe2-A22E-AB629178721A}.exeC:\Windows\{FC87DDCC-2B02-4fe2-A22E-AB629178721A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2A9BB443-EFB9-415a-BA9C-D7FD166453F6}.exeC:\Windows\{2A9BB443-EFB9-415a-BA9C-D7FD166453F6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{17D4132B-923F-4f7c-8799-DC8B01E2550B}.exeC:\Windows\{17D4132B-923F-4f7c-8799-DC8B01E2550B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D0748883-3944-4eb2-B0E1-8F55CCF0330F}.exeC:\Windows\{D0748883-3944-4eb2-B0E1-8F55CCF0330F}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17D41~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A9BB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC87D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1430C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{71072~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD88E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{96EC5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10AA1~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17D46~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A334~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5b7ab4ceaba064524d947921fb1f51f73
SHA1cc0aecbb34b99d2d2d70e7f07fcbbe1a1236861a
SHA2561e41d4f82742d273b0cbc407e450073a2503dd0c4fc5dc37acaea32f457afa34
SHA5124f4e5fe96a9d3ba2dd4fa81f177438029d9cf14ee4a024e1f7247f44dd0cc9eff6fc6233d54aaf5822811bdf4657a1cea4d1ee3353b408b7c8c04ffb2105c633
-
Filesize
380KB
MD5e2fa33b56566da2be411ffb59eb7f1f6
SHA109313c1fb7321dfcba044fd4e5f2d3dea06b7b6c
SHA25657f1dba19e902c947113d23d417cc955d97e2f16ca0117d8618dc7166c250444
SHA512bc6ed1d611ecbf7de4dc845a1533b8b071ae8a9230153314d1b745dbd1e4f2562f0ad9cea9bb518763c7c800421b209f087105a1f490e80823691e790cc35ca9
-
Filesize
380KB
MD51bf80b1100f0f87760e680913e260075
SHA1b106da25c0a16d6ec8bc99a5cc39a809ab634bd3
SHA256f3ee896d140c021a084f759a60e978889a6663b6eb274d20853cf3330afd8106
SHA51273693dcd58946550814467ef0ebb28e119c5a81555054ad224e55d66d350ee44d8b06b94c4c41a66668d8f1f06a5cbfc4c5a2b532bc85bd17ec94b90632d00f4
-
Filesize
380KB
MD5178ed4d88e544c4faffea79d92d64ba0
SHA102b0a498d947998fbf8bb22c137098a0483fb926
SHA256b0610b41bede1fc5b56ff76a64dd8d759d4a317495803161cecb08627722fb29
SHA5121533aa28fd7a78347c026ba3f1e10a7aa0548eac9da9db5c4833621e48533b9d2cb60960cd5ffecff6743b6b49960018eb455c66ad308f0818a7743f2a2967db
-
Filesize
380KB
MD5b295c9fc2331b9c3fd0be93acfb257e5
SHA1abae3a7b20feaf2874114eaa5bb4a30dc376b1a0
SHA2567c877a8d8ff9dc780ed69ef4b1c4f726b5b5fa1355344e312627746165774e72
SHA512f1936fca41ba08f6cef998070d94e24bc98082eaa0eaad7c58083b7d415f05546c617622c31217c8c4d8ab635d876c1ec8bb49ba1f4c653ba2b9b6593fbd2d8e
-
Filesize
380KB
MD501701b783bc8ae67549e6dd15fef46e1
SHA13bc22f9f87194d0ccbe5903d5c8a2ce2ed4cc962
SHA256575174f472df960f6c664e849d1d30bb87353a982c1e326ce0d2d53be2c1bd40
SHA512a4713f301f097dcb433fa0c051c71b838fc78da01cd1893735ed9f321541f16ad0cb92971c5d0d25674d766ef88abc9ef7a0d0755122f12afb5e647efbeb50ba
-
Filesize
380KB
MD5cee8bb3eda8ba65fcd2c540bfb41dbf5
SHA11b24fc318270174bcaea9195595b1e8575643a05
SHA256ecc2140a3b4bd8c8cf018c025d2ccf6deed6d07898a36c4b3d55e82e40927575
SHA512ed847147600305f20d09af73c70c53d8b46ac04d72d6aa0f171c683f6f6c5afb8efd87f8aef69e8ef797c0117a371b4e4b1e8931ad944b5ec9255de9887a2807
-
Filesize
380KB
MD5f21de51dcbd7048dc4624d05d6348a21
SHA1b394090fed10d4b6db866c2d88c9a4c5d8701762
SHA256402405d8ada72dc825d6c5615514dd7b6b2ec7ff33aa34649eb1fa6b100f6c1c
SHA512359697d013113feae05f5b2eb7220e277708835406b5e321e57f7ac2cb90a74d585138da761b6d178c5481883611a49fce36c32a1d4074935bd41ed288651789
-
Filesize
380KB
MD523e29920a8aa608c29fe66fb4b552aa7
SHA1cabaaef27aaa150fa14ae6a08a74c5ea46006d1f
SHA25613e04424d40ddf0474af261bc3ce10c06dc2415cb68c210b0b0a52238fbf86ec
SHA512388955bc0029e570069338c90dc8e8a5811020fe3777a26e7349a5ad6d899f99beda562debefcb615e69b5971d207419e2545a40f118af58f7e0def3e0897e6e
-
Filesize
380KB
MD5e1ff7945d9a3c4ba3abe6391296d1754
SHA11037c05924a23ca5c61d48b79779a082b892f46a
SHA2569aa35027b811e678a4d82b3e8e63cbf7efe717d1b779cd5817e19cbe65877894
SHA512ee2c2545ce7135bd902976a8883c312aa96b488b0b08090c0424a1629af28d2eafb377a6aade3f10d882a67c2daac06a8771295730b702b18a740ae718dd717f
-
Filesize
380KB
MD55912d9df0b961301f91cb702400321de
SHA1fcb099555c908de70af7744c5b1e36e44500e39f
SHA256d0ade3dfb6e9203951248098453f017d70f21e3f20af0bbf71ac5eb43a4553ea
SHA512b4ca7c94c2775cdcecdf215177824280bc022abbd27a862587898adb922d1a7e5b63daba9bc6e234e54f925851f9dc27f63468f98eed139dbc92b8ab1586b9ad